Cisco WAN :: 8080 / Destination NAT To Redirect Outgoing HTTPS Traffic To A Local Server
Jul 14, 2011
I have got a Cisco router connected to a LAN and to the internet. I was wondering if I could NAT HTTPS traffic from inside to internet to a local server (Proxy) on a given port, for example tcp 8080.
ip address 192.168.0.1 255.255.255.0
ip nat inside
des internet connexion
ip address 41.x.x.x.x 255.255.255.248
ip nat outside
ip access-list extended Proxy_Redirect
permit tcp 192.168.0.0 0.0.0.255 any eq 443
I'm trying to develop and test a website from my iPad. I have my laptop and iPad on the same local network, 192.168.1.x. They can see each other over the network and I can access the page: 192.168.1.105:80 (my laptop's local web server) from both iPad and laptop. However the application server runs on port 8080 and I cannot access this from either device/machine. The router's firewall is playing a role, and I have no software firewall running on laptop that I'm aware of (turned off Windows 7 firewall). localhost:8080/myWebSite or 127.0.0.1 also works on port 8080. The only combo that does not work is 192.168.1.105 with port 8080. I need this so the iPad can hit the site so I can test locally while developing.
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
I cannot get my server to send outgoing traffic through my network. I.e. if I try to connect to any of my services I get a very weak connection. Now, I can still CONNECT, I just don't get any data flow. I can't even PING the server internally, it just times out. Now, regardless of whether I use my internal IP/external domain, I get the same issue. I logged onto my computer and tried a speed test; the download was normal (around ~20mbit) but the upload times out.
Here is the fun part: if I connect to the server using a switch, everything works fine! Is it my router or some stupid configuration issue? Router is a WRV54G (I hate this thing). Server is running Windows 2008 and has a virtual machine.
So I have a proxy server in my home that all the computers use to access the internet (XP Pro). I edited the host file on the proxy to redirect traffic for various reasons (ad blocking, etc.). But I have noticed that it doesn't seem to affect the computers that use the proxy. For example one entry in the host file could be 127.0.0.1 abc123.com so that abc123.com would loopback to the localhost. For some reason this isn't working. Is there any way to get this to work without changing the host file on each individual computer?
I have an ASA 5505 with the base license. When I set up the DMZ interface I had to add the deny access to the inside VLAN. The DMZ works fine with WiFi on it, but users' iPhones can't get email unless they turn WiFi off. Is there a simple way to allow HTTPS traffic through the DMZ interface to our internal Exchange server which is NAT'd on the 5505's external IP?
I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.
I have a Cisco 1841 and I am hooking up some cameras onto my network. My global IP is 184.108.40.206 and my internal IP which is going to my cameras' DVR is 192.168.1.15. I need to be able to forward port 8080 from my global IP to my local IP so I can view my DVR remotely. What is the command I need to put in my Cisco 1841 to forward this port?
I have an ACE 4710 appliance that terminates SSL and the connection to the servers is http.
The ACE (one-armed) is load balancing between two web servers and I am using stickiness in order to keep the connection on the same server based on cookie. I can access the website either by http or https, where on the web page there is a login credential to access using username and password.
When I access the website using https everything works fine and I can log in to my account in https mode. When I access the website through http and log in to my account the URL is redirected to https... normal because I am using an action-list to rewrite the http into https. But when I exit the browser and access the website again using http it is not redirected to https (although I see that I am still logged in to my account; I can see all the information in my account).
The customer wants the connection to be https even when I exit the browser and access the website again (within a short time before the cookie expires).
Windows IIS server configured behind a Cisco ASA 5540 listening on port 443 currently. Access-list and static translation configured. I have been asked to redirect all port 80 calls to port 443 for this web site only at the firewall. I have suggested moving it behind our content switch with negative results. Can we do this at the firewall level? How to accomplish the redirect for a single site? 8.2.4 is current code.
For a CSS with a SSL module (performing SSL termination) - is it possible to implement a redirect on https URL to send to equivalent http URL? If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule? [code] The CSS would instead rely on a http content rule to implement a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url... I realise the requirement is uncommon / a bit convoluted, it's one of those don't ask type scenarios - aimed at achieving a specific requirement. Would the ACE 4710 be able to handle such a scenario any differently?
I am trying to make a redirect from http to https. The goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71. I am just having some trouble making it work.
In my office environment, my machine is configured with an IP address, Subnet Mask and a Default Gateway. The Default Gateway does not allow internet connectivity but is configured to provide us with connectivity to some server based tool.
Now in order to provide us with the internet access, a proxy server is configured via the LAN settings in the IE. The problem here is the Proxy is restricted for some sites that I need like certain technical blogs and all, which it filters out in the blogs category and does not load.
I do have another Gateway server address that I can use in Local Area Connection IPv4 Properties as Default Gateway address which removes this restriction. I thought that this should be configurable to the LAN Settings as a proxy as well. But when I do so, I lose the connection to the internet.
I am not sure if all Gateways can act as proxy servers. Or is there anything that I am doing wrong? I am using the default port 8080 in LAN Settings. I can ask this from the technician but I am not sure if he would be able to answer that as he is just a first level guy. I thought of figuring it out myself.
cisco 2651XM router with WIC1 adsl card and NM-16ESW switch IOS: c2600-ipbasek9-mz.124-23.bin
I use the following config to export traffic from the adsl card to a FastEthernet port so I can look at the adsl traffic in Wireshark on a PC:
router(config)#ip traffic-export profile my_rite
router(conf-rite)#int FastEthernet 0/0
router(conf-rite)#bidirectional
router(conf-rite)#mac-address abcd.efgh.ijkl (mac address of PC)
router(conf-rite)#exit
router(config)#int dialer0
router(config-if)#ip traffic-export apply my_rite
This config works and I can see stuff going on in Wireshark but it's only one way. This config only shows traffic going out from my adsl card, but no incoming. There is definitely traffic going both ways because everything about my adsl connection is working perfectly. I've tried using a different FastEthernet port, even tried exporting to a different PC but all I see is outgoing, i.e. source is my public IP address but never as destination. I have bidirectional in the config but it still only shows outgoing. I even tried a different IOS (c2600-adventerprisek9-mz.124-15.T8.bin) but still it doesn't show incoming traffic. Could it be my ISP in some way hiding incoming traffic from view?
We've bought a WRVS4400N to create an IPSEC VPN tunnel to our client in order to access some applications.
After a while trying to configure the router, we have achieved it and the VPN tunnel is up. We can see the tunnel up from here and from the client's side as well. Our client supposedly has created the tunnel in order to access a list of specific IPs in the range 10.113.x.x, but if we try to access these IPs via telnet we cannot obtain any response.
Making a tracert, we obtain...
C:\Users\Huexxx>tracert 10.113.56.177
Traza a 10.113.56.177 sobre caminos de 30 saltos como máximo.
  1     1 ms     1 ms     1 ms  192.168.0.1
  2     *        *        *     Tiempo de espera agotado para esta solicitud.
  3     *        *     ^C
... and therefore the client doesn't receive any packet at its firewall.
I've tried to establish a static route for 10.0.0.0 255.0.0.0 to their remote gateway, but I'm unable to add any entry to the static routing list... The router tries to do something, but after all I cannot see the new entry...
What can I do to route the traffic through the tunnel?
For ASA v8.3 and above we don't need to use nat-control; traffic from a high security interface can go to a low security interface without matching NAT statements. So does the ASA automatically NAT the outgoing traffic to the outside interface by default?
I want to be able to use port 1-80 for all outgoing traffic. I have a VPS outside my home, which can redirect the packets to the proper ports. Is it possible with an application on the computer and VPS? Or is it impossible?
I have a licensing server. Other computers need to turn on a program, they send a message to the licensing server, and it responds that they have permission to run. Until today the licensing server was plugged into its own ethernet wall socket and configured with a static IP address. Today I put a router into that wall socket and now the server's plugged into the router. The router (WRT-54G) was set to the static IP - and now the internet on its network works. I set all ports to be forwarded to the server's internal IP address - and now my programs can detect and ping it. But now the server won't send back permissions to use licensed software, or even reply with a list of the software which it can license.
I am trying to limit the incoming and outgoing traffic on a l2 port to 8mbps for an IP subnet within the Nexus 7000. The port is connected to my ISP router which has a bandwidth of 20mbps. Policing won't work on a l2 port and shaping cannot be applied on a port level. url... I have been reading thru the QoS guide for Nexus release v6 and have problems understanding the different queues.
We have a Cisco ASA 5520 and I'm looking for a way to monitor largest outgoing and incoming traffic per IP in real time so as to know which of my internal computers are using the most of our Internet line. Is there a way to do this through ASDM? We use version 6.3.
We have a W2K3 domain with Catalyst 4507 routers. Client (laptop, tablet etc) needs to redirect web traffic (port 80) to a proxy server that listens on port 8080.
Before you ask, this cannot be done using a PAC file distributed via Group Policy or the like because these devices are not controlled by us. These devices are client owned and could be non-Microsoft OS and/or non-IE browser. The theory is to have a WiFi network where clients can bring whatever they like - iPad, Android, Windows, whatever it may be but we do not control them and therefore cannot send a PAC file to it. In the case of Android it does not have a proxy setting even if we could force something.
I've looked at Policy Based Routing which appears to do half the job. I can route a web request that is on port 80 to a new location ie our proxy server. But the problem is that it arrives on the same port 80 when the proxy server only listens on port 8080.
We're looking to use an ASA5505 or 5510 as our firewall but want to see if one of them can prioritize traffic. I know it does QoS but we're wanting to dedicate x amount of our bandwidth to traffic based on destination IP address. Is that possible and does it take a license upgrade?
I want to know if there is a way to tag traffic with DSCP tags without having to do all the other requirements of QoS setup. All I want to do is just tag traffic at different DSCP values via source and destination IPs. We do not have a need to be prioritizing traffic on our internal switches. We just want to tag the traffic so our MPLS provider can distinguish the different types of traffic.
Our environment is primarily 3750s in all offices.
I have a requirement to bypass some specific traffic (with particular source to specific internet destination) in ACE 4710.
All the web traffic (http and https) is configured to load balance to my proxies. I need to configure some specific traffic with source and destination to internet to bypass this load balancing and go directly to the outside interface.